[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14820:
    Resolution: Fixed
    Fix Version/s: 3.0.0-beta1
                   2.9.0
    Status: Resolved (was: Patch Available)

tested locally & applied to branch-2 & trunk +1 thanks!

> Wasb mkdirs security checks inconsistent with HDFS
> --
>
> Key: HADOOP-14820
> URL: https://issues.apache.org/jira/browse/HADOOP-14820
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/azure
> Affects Versions: 2.8.1
> Reporter: Sivaguru Sankaridurg
> Assignee: Sivaguru Sankaridurg
> Labels: azure, fs, secure, wasb
> Fix For: 2.9.0, 3.0.0-beta1
>
> Attachments: HADOOP-14820.001.patch, HADOOP-14820.002.patch,
> HADOOP-14820.003.patch, HADOOP-14820.004.patch, HADOOP-14820.005.patch,
> HADOOP-14820-006.patch, HADOOP-14820-007.patch,
> HADOOP-14820-branch-2-001.patch.txt
>
>
> No authorization checks should be made when a user tries to create (mkdirs
> -p) an existing folder hierarchy.
> For example, if we start with _/home/hdiuser/prefix_ pre-created, and do the
> following operations, the results should be as shown below.
> {noformat}
> hdiuser@hn0-0d2f67:~$ sudo chown root:root prefix
> hdiuser@hn0-0d2f67:~$ sudo chmod 555 prefix
> hdiuser@hn0-0d2f67:~$ ls -l
> dr-xr-xr-x 3 root root 4096 Aug 29 08:25 prefix
> hdiuser@hn0-0d2f67:~$ mkdir -p /home
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser/prefix
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser/prefix/1
> mkdir: cannot create directory ‘/home/hdiuser/prefix/1’: Permission denied
> The first three mkdirs succeed, because the ancestor is already present. The
> fourth one fails because of a permission check against the (shorter) ancestor
> (as compared to the path being created).
> {noformat}

--
This message was sent by Atlassian JIRA (v6.4.14#64029)

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sivaguru Sankaridurg updated HADOOP-14820:
--
    Status: Patch Available (was: Open)

Submitting branch-2 patch
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sivaguru Sankaridurg updated HADOOP-14820:
--
    Attachment: HADOOP-14820-branch-2-001.patch.txt
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sivaguru Sankaridurg updated HADOOP-14820:
--
    Status: Open (was: Patch Available)

Canceling patch in order to submit branch-2 patch
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14820:
    Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14820:
    Attachment: HADOOP-14820-007.patch

you are right. Updated patch with your new test in; test rerun and all is happy
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14820:
    Attachment: HADOOP-14820-006.patch

HADOOP-14820 patch 006
* fix line width on TestAzureFileSystemInstrumentation comment
* in TestNativeAzureFileSystemAuthorization, modify new test to not create the dir childpath2, so that creating childpath3 forces the scan to go two levels up before finding the first directory & its permissions.

Tested against Azure ireland: {{TestNativeAzureFileSystemAuthorization}} with build set to security & auth; TestAzureFileSystemInstrumentation with those options unset.

This is what I propose to commit if yetus is happy
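The semantics the issue description asks for, and the two-levels-up scan the patch 006 test exercises, can be modelled in a few lines. This is an added example, not code from the HADOOP-14820 patches or from Hadoop; the class `MkdirsAuthModel`, its methods and the per-directory "caller may write" flag are hypothetical simplifications, and the directory data is constructed.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

/** Toy in-memory model (hypothetical names); not Hadoop's NativeAzureFileSystem. */
public class MkdirsAuthModel {
    // Existing directory -> may the caller write into it? (constructed data)
    private final Map<String, Boolean> dirs = new HashMap<>();
    int authChecks = 0; // counts authorization decisions actually made

    MkdirsAuthModel() { dirs.put("/", true); }

    void addDir(String path, boolean callerCanWrite) { dirs.put(path, callerCanWrite); }

    // Assumes absolute, normalized paths such as /a/b/c.
    static String parent(String path) {
        int i = path.lastIndexOf('/');
        return i <= 0 ? "/" : path.substring(0, i);
    }

    boolean mkdirs(String path) {
        if (dirs.containsKey(path)) {
            return true; // hierarchy already exists: nothing to create, no check
        }
        // Walk up, however many levels it takes, to the nearest existing ancestor.
        Deque<String> missing = new ArrayDeque<>();
        String p = path;
        while (!dirs.containsKey(p)) {
            missing.push(p);
            p = parent(p);
        }
        authChecks++;
        if (!dirs.get(p)) { // write permission is checked on that ancestor only
            throw new SecurityException("Permission denied: " + path + " (checked " + p + ")");
        }
        for (String d : missing) {
            dirs.put(d, true); // simplification: the caller may write into what it created
        }
        return true;
    }

    public static void main(String[] args) {
        MkdirsAuthModel fs = new MkdirsAuthModel();
        fs.addDir("/home", false);
        fs.addDir("/home/hdiuser", true);
        fs.addDir("/home/hdiuser/prefix", false); // root:root, mode 555
        for (String p : new String[] {"/home", "/home/hdiuser", "/home/hdiuser/prefix"}) {
            fs.mkdirs(p); // all exist already, so no authorization decision is made
        }
        System.out.println("checks after existing paths: " + fs.authChecks);
        for (String p : new String[] {"/home/hdiuser/prefix/1", "/home/hdiuser/prefix/a/b",
                                      "/home/hdiuser/work/x/y"}) {
            try {
                fs.mkdirs(p);
                System.out.println("created " + p);
            } catch (SecurityException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```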
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14820:
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sivaguru Sankaridurg updated HADOOP-14820:
--
    Attachment: HADOOP-14820.005.patch
[jira] [Updated] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
[ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14820:
    Affects Version/s: 2.8.1
    Summary: Wasb mkdirs security checks inconsistent with HDFS (was: Fix for HDFS semantics parity for mkdirs -p)
    Target Version/s: 2.9.0